>> Imagine you have a page where, if a password passed from another page is >> correct, you want to show some data on the Web page, but if the password is >> incorrect you want to show a warning and under no circumstances let them see >> the data. If you used mixed, they could simply read the source of the page >> to see that data... but with pure, the only source on the page is what PHP >> actually prints out, so they won't see anything they shouldn't. > >No becose I'll not check the password when I'm going to display the data.. >I'll check it right after the post, and if it's invalid, I redirect the user >to another page, or prints a block and exits the script..
Ignore my previous comment, I was incorrect - they won't see the sensitive data with PHP. PHP parsing (I discover) ensures that the HTML mixed between PHP blocks gets treated as if it had been echoed or printed by PHP, and thus does not appear if the 'if' test fails. Sorry to have misled you (I learned something today!). -- -------------------------------------------- _ _ o o Jason Teagle < [EMAIL PROTECTED] v -------------------------------------------- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
